GO-2022-1181: AAD Pod Identity obtaining token with backslash in github.com/Azure/aad-pod-identity

server

package

v1.8.3 Latest Latest Go to latest Published: Aug 27, 2021 License: MIT Imports: 24 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Azure/aad-pod-identity

Links

Open Source Insights

Documentation ¶

Index ¶

type MetadataResponse
type NMIResponse
type Server
- func NewServer(micNamespace string, ...) *Server
- func (s *Server) Run() error
type TokenRequest
- func (r TokenRequest) ValidateResourceParamExists() bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type MetadataResponse ¶ added in v1.6.0

type MetadataResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

MetadataResponse represents the error returned to caller when metadata header is not specified.

type NMIResponse ¶

type NMIResponse struct {
	Token    msiResponse `json:"token"`
	ClientID string      `json:"clientid"`
}

NMIResponse is the response returned to caller

type Server ¶

type Server struct {
	KubeClient                         k8s.Client
	NMIPort                            string
	MetadataIP                         string
	MetadataPort                       string
	NodeName                           string
	IPTableUpdateTimeIntervalInSeconds int
	MICNamespace                       string
	Initialized                        bool
	BlockInstanceMetadata              bool
	MetadataHeaderRequired             bool
	SetRetryAfterHeader                bool
	// TokenClient is client that fetches identities and tokens
	TokenClient nmi.TokenClient
	Reporter    *metrics.Reporter
}

Server encapsulates all of the parameters necessary for starting up the server. These can be set via command line.

func NewServer ¶

func NewServer(micNamespace string, blockInstanceMetadata, metadataHeaderRequired, setRetryAfterHeader bool) *Server

NewServer will create a new Server with default values.

func (*Server) Run ¶

func (s *Server) Run() error

Run runs the specified Server.

type TokenRequest ¶ added in v1.6.2

type TokenRequest struct {
	// ClientID identifies, by Azure AD client ID, a specific identity to use
	// when authenticating to Azure AD. It is mutually exclusive with
	// MsiResourceID.
	// Example: 77788899-f67e-42e1-9a78-89985f6bff3e
	ClientID string

	// MsiResourceID identifies, by urlencoded ARM resource ID, a specific
	// identity to use when authenticating to Azure AD. It is mutually exclusive
	// with ClientID.
	// Example: /subscriptions/<subid>/resourcegroups/<resourcegroup>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<name>
	ResourceID string

	// Resource is the urlencoded URI of the resource for the requested AD token.
	// Example: https://vault.azure.net.
	Resource string
}

TokenRequest contains the client and resource ID token, as well as what resource the client is trying to access.

func (TokenRequest) ValidateResourceParamExists ¶ added in v1.6.2

func (r TokenRequest) ValidateResourceParamExists() bool

ValidateResourceParamExists returns true if there exists a resource parameter from the request.

Source Files ¶

View all Source files

server.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL